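<?php
/**
 * AJAX login endpoint.
 *
 * Reads `username` and `password` from the POST body, looks the account up in
 * `blog_user`, and answers with a JavaScript snippet (served as
 * application/x-javascript; presumably evaluated by the requesting page).
 * On success the session receives `username`, plus `admin` when the account
 * level is "administrator".
 *
 * NOTE(review): passwords are compared against an unsalted MD5 digest stored in
 * `user_Password`. MD5 is not a password hash; plan a migration to
 * password_hash()/password_verify() with a rehash on next successful login.
 */
header("content-type: application/x-javascript");
require_once("./include/global.php");
@session_start();

// Missing or non-string fields (for example an array-valued parameter) are
// treated as empty so they fail the lookup instead of emitting notices or
// warnings into the JavaScript response.
$rawUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// NOTE(review): my_addslashes() comes from include/global.php and is not visible
// here; presumably an addslashes()-style escaper -- confirm. That style of
// escaping depends on the connection character set, and the mysql_* API offers
// no bound parameters. Move this query to a prepared statement (mysqli or PDO)
// when the data layer is updated.
$username = my_addslashes($rawUsername);

// A previous revision skipped the lookup when $_SESSION['username'] was already
// set; that check is disabled, so every request re-authenticates.
$sql = "select * from blog_user where user_Name = '$username' ";
if ($result = mysql_query($sql)) {
    $rs = mysql_fetch_object($result);

    // Strict comparison on purpose: with loose `==`, two digests that both look
    // like numeric strings are compared as numbers and can be reported equal
    // even though the strings differ.
    if ($rs && $rs->user_Password === md5($rawPassword)) {
        // Issue a fresh session id at the privilege change so an id that was
        // known before authentication cannot be reused afterwards.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        $_SESSION['username'] = $rs->user_Name;
        if (!strcasecmp($rs->user_Level, "administrator")) {
            $_SESSION['admin'] = "admin";
        }

        // The stored user name is data, not code: emit it as a JavaScript
        // string literal so quotes or line breaks in it cannot end the alert()
        // argument and inject script into the response.
        $greeting = json_encode('User ' . $_SESSION['username'] . ' Login in.');
        if ($greeting === false || $greeting === 'null') {
            // json_encode() cannot encode non-UTF-8 bytes; fall back to a
            // message that omits the name rather than echoing it raw.
            $greeting = "'Login in.'";
        }
        echo "alert(" . $greeting . ");\n";
        echo "document.getElementById('login').innerHTML=\"<a class='menu' href='./admin/main.php' title='管理'>Admin</a>\";";
    } else {
        // Same message for an unknown user and a wrong password, so the
        // response does not reveal which account names exist.
        echo "alert('Password not match.')";
    }
} else {
    echo "alert('Error connect to the database.Please check the connection.')";
}
?>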
